ALAS-2013-217 ---- nssID: oval:org.secpod.oval:def:1600263 | Date: (C)2016-05-19 (M)2023-12-07 |
Class: PATCH | Family: unix |
It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash
Platform: |
Amazon Linux AMI |